Centralized Access Control and Single Sign On
2025.1
Reviewed: 9/20/2024
Updated: 9/20/2024
Purpose and Scope:
The purpose of this policy is to outline the approach to leveraging single sign-on authentication methods and centrally managing user accounts.
Controls and Procedures:
Policy:
- IMPLAN leverages both Microsoft Active Directory/Azure Active Directory and Google Workspace as its Identity Providers (IdP) to control user access to systems and business applications.
- Single sign-on (SSO) should be used whenever the option is available and makes security and business sense instead of local authentication. This centralized approach improves user experience and simplifies access management, but should not come at exorbitant expense to IMPLAN.
- SSO is configured through OpenID Connect (OIDC), where available. When unavailable, SAML is the acceptable second option.
- The IT team is responsible for the administration of the IdPs, including user and access provisioning. The IT team may delegate administrative privilege over a subset of the systems, such as a specific application.